This forum is now a read-only archive. All commenting, posting, registration services have been turned off. Those needing community support and/or wanting to ask questions should refer to the Tag/Forum map, and to http://spring.io/questions for a curated list of stackoverflow tags that Pivotal engineers, and the community, monitor.

UpgradeAcegi Security System from 0.6.1 to 0.8.3

Sep 20th, 2005, 06:40 AM

Hi all i'm trying to upgrade ASS from 0.6.1 to 0.8.3 in a web application based on Appfuse (Equinox) project. The problem is that in the old project there was in applicationContext-security.xml a filter call AutoIntegrationFilter. Now, using the notes to upgrade ASS i saw that it doesn't work in the new version because we can use HttpContextIntegrationfilter. In my new project i'd like to use channelsecurity to use SSL for login and some other zones.
I try to set one filter in my web.xml that point to filterChainProxyBean and make the chain like this one
[code]
<bean id="filterChainProxy" class="net.sf.acegisecurity.util.FilterChainProxy" >
<property name="filterInvocationDefinitionSource">
<value>
CONVERT_URL_TO_LOWERCASE_BEFORE_COMPARISON
PATTERN_TYPE_APACHE_ANT
/**=channelProcessingFilter,httpSessionContextInteg rationFilter,authenticationProcessingFilter,securi tyEnforcementFilter
</value>
</property>
</bean>
&#91;code&#93;
I use tomcat 5.0.28 for deploying, and everithing is ok until login based on form. when i send username and pwd in firefox url bar appear this string:http://localhost:8080/infotv-0.1/j_a...sword=mannobug

The control of the program return on index and appear on the top of the browser a message "Page Not Found".
My complete web.xml is:

Comment

First of all, let's make debugging easier by removing channelProcessingFilter from the list of filters defined in your filterChainProxy bean.

Your filterChainProxy bean is missing a reference to an AbstractProcessingFitler subclass, such as net.sf.acegisecurity.ui.webapp.AuthenticationProce ssingFilter if you're using form-based authentication. This means that when you post your login form, there is nothing to setup the SecurityContextHolder with an appropriate Authentication object.